You may have heard - on Dec. 9th, a critical internet security flaw was disclosed and named Log4j, and it's been wreaking havoc on the internet ever since.
"So far, attackers have exploited the flaw to install cryptominers on vulnerable systems, steal system credentials, burrow deeper within compromised networks, and steal data, according to a recent report from Microsoft."
✓ Java calls its software’s logging library “Log4j.” Access to the logging library gives the user administrative power over its system. Thus, the vulnerability is aptly named after Java's logging library.
"(Log4j) … allows attackers to execute code remotely on a target computer, meaning that they can steal data, install malware or take control.
Some cybercriminals have installed software that uses a hacked system to mine cryptocurrency, while others have developed malware that allows attackers to hijack computers for large-scale assaults on internet infrastructure."
At this time, the F-Secure, Rackspace, and OmniWAN products we provide clients are not affected by Log4j.
Clients using F-Secure for device protection and Managed Network Security for their internet service are actively managed and protected from the threat environment as it evolves.
✓ Cybersecurity that is monitored and managed in real-time is the best defense against Log4j exploits and unknown future threats.
What you need to do
There are only two things a consumer can do to mitigate the risk of Log4j because the remedial work must be done on the enterprise side of things.
Keep up with software updates.
Use cybersecurity defenses that are monitored and managed in real-time.
TDS updates clients' system software for their devices and networks automatically.
And, all our products are enterprise-grade and receive constant attention 24/7/365 to remain optimized and safe from evolving risks.
✓Be sure your software is current and all your personal devices and ISP internet network are actively managed from internet risk.
* Take the free ShieldTest to evaluate the security of the network you are on now, here.
What's next
I can assure you we will see severe repercussions from the Log4j vulnerability worldwide as the frenzy of exploitation continues into 2022.
Here are the reasons why:
So many are at risk with estimates in the 100's of millions of affected devices.
The hack is ridiculously easy to perpetrate.
There are countless ways to deploy the hack for criminal gain; many no one has even thought of yet.
Increased use of AI by hackers in 2022-2023 will discover new Log4j exploits humans would never imagine otherwise.
✓ The worst is undoubtedly yet to come, and the consequences of Log4j will invariably be felt for many years to come.
Cybersecurity firm Check Point said Wednesday that it had detected more than 1.8 million attempts to exploit the bug in the days since it became public, with over 46 percent of those coming from known malicious groups.
Stay in touch with us to ensure you use protection across your devices and networks.
We are here for you when you have questions, are suspicious, have concerns, or need advice on privacy and digital security. Be sure to send screenshots when applicable!
We offer complimentary account reviews, risk assessments, and advice for clients, their families, and the referrals they bring to us.
✓ Consider using one of our "computer coaches" to remote in and help you manage your device settings and preferences. The coach can help you with browser security, password management, backups, and everything you need to stay safe and in control of your personal technology.
TDS is here for you
The staff at TDS will be working over the holidays as it is always high season for hackers and cybercrime. Please reach out if you need us; we'll be here for you.
In the meantime, we wish all our clients and their respective families a Merry Christmas and Happy New Year.
Want to clean your computer or set up a new one? Learn to use a password manager or backup files? Perhaps set up your browser or make things flow more easily?
✓ The coaching approach is about learning life-long skills and thinking critically for increased satisfaction, privacy, and security with personal technology.
Total Digital Security
Schedule an account review
Contact us for a complimentary client account review.
Total Digital Security
For previous CyberAdvisor Letters:
To view Blog posts:
Total Digital Security, 7777 Glades Rd, Suite 100, Boca Raton, Florida 33434, United States, 877-643-6391